A Brave New Cyberworld

The cyberattack on some of Iran’s high-speed nuclear centrifuges last month and the theft of Google company secrets in late 2009 were prime examples of a new age of technological vulnerabilities that is only expected to get worse. The most recent major breach was last week’s attack by those sympathetic to WikiLeaks against Amazon and PayPal after the companies shutdown WikiLeaks’s payment and Web services. David DeWalt, CEO of McAfee Inc., the world’s largest dedicated security company recently acquired by Intel for $8 billion, spoke to NEWSWEEK’s Joel Schectman about the future of computer and Web security, and what he thinks should concern the world next. Excerpts:

From employees to product, how do you lead your company in this post-recession world?

From a leadership point of view [the key is] to lead from the front. In the last 60 days I have spoken to more than 6,000 customers. [That’s because] the world of security is very interesting. From smart phones to the iPad, everything is connected to the Internet and everything is vulnerable on the Internet. Hardly a day goes by where you don’t see numerous articles on WikiLeaks, or hacking, or some kind of loss of data. So we have had extraordinary growth as a company.

Moving forward, what do you see as the biggest challenge for your industry?

I would say “keeping up.” You continue to see so much change in threats on a daily basis. We are starting to [look at] terrorist activity. So keeping up is a critical part of success.

How else is technological change affecting your company?

Right now, if you run your McAfee product on your home computer, there is a little icon in your desk tray. It basically runs as an app above the operating system like in Windows. We are good at looking at viruses and finding viruses in the operating system, but most of the major attacks, the most insidious in the history of security, have occurred in the last year and were all attacking below the operating systems. In order to get ahead of the bad guys we have to think more creatively. By being part of Intel we are able to create security on a different level—right down to the silicon chips [as opposed to just on the software level]. In the future [protective] capabilities will run right in your silicon firmware so we can prevent something bad from happening on your computer from a much deeper inspection layer than ever before.

Obviously every company has ups and downs. When you do have failures how do you address them?

I treat a crisis as one of the greatest opportunities. In a crisis you can learn and exponentially innovate at your company. We had a crisis in the spring where we released a bad update, which caused customers’ [computers] to be injured by our release. We very quickly acted on it. Within a few hours you saw a video from me on our website around the world. You saw us [offer] free software to anyone who was injured by the product. We flew out [employees to help] customers. One of my proudest moments was how we handled that crisis, and the amazing exponential improvement that we had as a result of that.

How do you balance being environmentally friendly and making a profit?

Over the last few years we created a very conscious green program. It is literally in every fabric of what we do. We overhauled our manufacturing process with green elements. We reduced our carbon footprint by working with our manufacturers. I would also tell you that we have been working on ways that we can manage power supply with our own products. In every area we have a green strategy, which we review every year.

Do you see the possibility of a digital 9/11 type of event?

It’s what keeps me up at night. It’s a possibility that is there. This last year we saw the most dangerous cyber weapons ever created in the history of security [with attacks like Aurora].

Five years down the line, what type of threats do you see coming?

Crime has been growing significantly online in the last 10 years and it will continue to [because it is] low risk and high reward. We also see other vectors of attack that aren’t money motivated. There are hacktivists, [as in the] WikiLeaks situation. Five years from now I think McAfee will be one of the most important things in the world because of the advancing architecture of the Internet. We will need security companies to be global and be there like a global police department to resolve problems.

Does it put you in an awkward position, as an American company, to be tasked with potentially protecting other countries computers and software?

It will put us in an awkward position. But I will tell you that we are far from an American company. We do business in 110 countries. We do research and development in 42 countries around the world. We might report our financials in America, but my development is all over the world. My customers are all over the world.

But if countries start to see their security as a zero-sum game, how does that position you as a global company?

Today there are seven terrorist countries that I can’t sell to, or export to, or do business with. If the U.S. decides that is a wider number, then I would have to abide by those restrictions. That being said, there is an arms race in the cyber world among many countries. At the World Economic Forum in Davos we released a report specifically on the state of cyberwar. We see 20 countries armed for cyberwarfare today. What that means is that they have the specific technique, the research labs, the scientists, designing vulnerability-exploiting cyber weapons.

You think it’s a bigger threat than nuclear weapons?

I do, over time [because] everything is connected to the Internet. If I have the ability to knock out the power supply in California, or if I can bring down critical infrastructure in gas supply, all of these things are connected to the Internet and all these devices can be brought down. If I can impact that, then I can do so much more harm than, perhaps, a bomb.